
COMPUTER-BASED CONTROLS

In document Database System (Pages 167-170)

I hope that by now you have understood the various types of threats that may attack the database. Now it is time to discuss the various ways in which we can secure our system. The computer-based controls against threats to computer systems range from physical controls to administrative policies and procedures.

8.2.1 Authorisation

"Authorisation is the granting of a right or privilege that enables a subject to have legitimate access to a system or a system's object" (Connolly and Begg 2005). The process of authorisation involves authentication of the subject, that is, of the person requesting access to objects or systems. "Authentication is a mechanism that determines whether a user is who he or she claims to be" (Connolly and Begg 2005).

Usually, a user or subject gains access to a system through an individual user account, where each user is given a unique identifier that the operating system uses to determine that they are authorised to do so. Creating the user accounts is usually the responsibility of a system administrator. Associated with each unique user account is a password, chosen by the user and known to the operating system. A separate but similar process is applied to give an authorised user access to a DBMS; this authorisation is the responsibility of a Database Administrator. Thus, a user authorised to use a system does not necessarily have access to a DBMS or any associated application programs (Connolly and Begg 2005).

Authorisation rules are controls integrated in the data management system that restrict access to the data and the actions that clients or personnel may take when they access the data. Table 8.2 illustrates an example of authorisation rules represented as a table. Referring to Table 8.2, we can see that personnel whose password is "SUMMER" can only read the data, while personnel with the password "SPRING" can read, insert and modify the data. Notice, however, that the authorisation table holding these rules itself contains highly sensitive data, so it must be protected by stringent security rules.

Usually, one selected person in data administration has the authority to access and modify the table (Hoffer et al. 2007).

Table 8.2: Sample of authorisation rules (Hoffer et al. 2007)

Action   Personnel with password "SUMMER"   Personnel with password "SPRING"
Read     Y                                  Y
Insert   N                                  Y
Modify   N                                  Y
Delete   N                                  N


8.2.2 Access controls

Usually, access control in a database system is based on the granting and revoking of privileges. A privilege allows a user to create or access (that is, read, write or modify) a database object or to execute a DBMS utility. The DBMS keeps track of how these privileges are granted to users, and possibly revoked, and ensures that at all times only users with the necessary privileges can access an object.

Most commercial DBMSs manage privileges using SQL Discretionary Access Control (DAC). The SQL standard supports DAC through the GRANT and REVOKE commands: GRANT gives privileges to users, while REVOKE takes them away (Connolly and Begg 2005). This is discussed in more detail in the next section, since we are focusing on Microsoft Office Access.

8.2.3 Views

"A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. It is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user at the time of the request" (Connolly and Begg 2005). In other words, a view is created by querying one or more of the base tables, producing a dynamic result table for the user at the time of the request (Hoffer et al. 2007). The user may be allowed to access the view but not the base tables on which the view is based. The view mechanism hides some parts of the database from certain users, and the user is not aware of the existence of any attributes or rows that are missing from the view. Thus, users are allowed to see only what they need to see. Several users may share the same view, but only a restricted few may be given the authority to update the data.
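As an added example (not part of the course text), the rules of Table 8.2 and the view mechanism of this section expressed with the GRANT and REVOKE commands of section 8.2.2. It assumes a DBMS with SQL roles and owner-privilege views (PostgreSQL syntax is used); the table, column, role and user names are constructed, and the password-based classes of Table 8.2 are represented as roles.

```sql
-- Added example (not from the course text). Table, column and role names
-- are constructed; PostgreSQL syntax is assumed, where a view runs with
-- its owner's privileges so users need no rights on the base table.

CREATE TABLE personnel (
    staff_id   INTEGER PRIMARY KEY,
    full_name  VARCHAR(100) NOT NULL,
    department VARCHAR(50)  NOT NULL,
    salary     NUMERIC(10,2),            -- sensitive: hidden by the view
    nat_id     VARCHAR(20)               -- sensitive: hidden by the view
);

-- Table 8.2 keys its rules by password; standard SQL uses roles instead.
CREATE ROLE summer_users;   -- "SUMMER": read only
CREATE ROLE spring_users;   -- "SPRING": read, insert, modify

-- 8.2.3: the view exposes only non-sensitive attributes and only current
-- staff. A user of the view cannot tell that salary or nat_id exist.
CREATE VIEW personnel_directory AS
    SELECT staff_id, full_name, department
    FROM   personnel
    WHERE  department <> 'TERMINATED';

-- 8.2.2, row "Read" (Y / Y): both roles may read, but SUMMER only through
-- the view, never the base table.
GRANT SELECT ON personnel_directory TO summer_users;
GRANT SELECT ON personnel           TO spring_users;

-- Rows "Insert" and "Modify" (N / Y): only SPRING may change data.
GRANT INSERT, UPDATE ON personnel TO spring_users;

-- Row "Delete" (N / N): no DELETE is granted to either role.
-- Make sure nothing leaks via PUBLIC (privileges granted to everyone).
REVOKE ALL ON personnel, personnel_directory FROM PUBLIC;

-- Individual accounts inherit their class of rules through role membership.
CREATE USER alice WITH PASSWORD 'placeholder-change-me';
CREATE USER bob   WITH PASSWORD 'placeholder-change-me';
GRANT summer_users TO alice;   -- alice: SELECT on the view only
GRANT spring_users TO bob;     -- bob: SELECT, INSERT, UPDATE on personnel

-- Withdrawing a privilege later is a single REVOKE: here SPRING loses
-- UPDATE but keeps SELECT and INSERT.
REVOKE UPDATE ON personnel FROM spring_users;
```

After running this, `SELECT salary FROM personnel` as alice fails with a permission error, while `SELECT * FROM personnel_directory` succeeds and shows no sensitive columns.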

8.2.4 Backup and recovery

"Backup is the process of periodically taking a copy of the database and log file to offline storage media" (Connolly and Begg 2005). Backup is very important for a DBMS to recover the database following a failure or damage. A DBMS should provide four basic facilities for backup and recovery of a database, as follows:

1. Backup facilities that provide periodic backup copies of the database.

Typically, a backup copy is produced at least once per day. The copy should be stored in a secure location where it is protected from loss or damage. However, regular backups of large databases may be time consuming. Thus, a cold backup, where the database is shut down, is appropriate for a small database, while a hot backup, where only a selected portion of the database is shut down from use, is more practical for large databases. Backup strategies must therefore be determined by the demands being placed on the database system.

2. Journalising facilities that maintain an audit trail of transactions and database changes. In the event of failure, a consistent database state can be reestablished using the information in the journals together with the most recent backup.

3. Checkpoint facilities whereby the DBMS periodically suspends all processing and synchronises its files to establish a recovery point. The checkpoint record stores the information necessary to restart the system. A DBMS may perform checkpoints automatically or based on commands in the application programs. When failures occur, it is often possible to resume processing from the most recent checkpoint. In this case, only a few minutes of processing work may need to be repeated, compared to a few hours for a complete restart of the day's processing.

4. Recovery manager that allows the DBMS to restore the database to a correct condition and restart processing transactions (Hoffer et al. 2007).

8.2.5 Encryption

"Encryption is the process of encoding the data using a special algorithm that renders the data unreadable by any program without the decryption key" (Connolly and Begg 2005). Data encryption can be used to protect highly sensitive data like customer credit card numbers or user passwords. Some DBMS products include encryption routines that automatically encode sensitive data when it is stored or transmitted over communication channels.

For instance, encryption is commonly used in electronic funds transfer systems. So, for example, if the original data or plain text is RM5000, encrypting it with a special encryption algorithm might change it to XTezzz.

Any system that provides an encryption facility must also provide a decryption facility to decode the data that has been encrypted. The encrypted data is called cipher text. These decoding schemes must also be protected, otherwise the advantages of encryption are lost. Encryption and decryption also usually require significant computing resources.

There exist two common forms of encryption: one-key and two-key.

With the one-key approach, also known as the Data Encryption Standard (DES), both the sender and the receiver need to know the key that is used to scramble the transmitted or stored data. A two-key approach, also known as asymmetric encryption, employs a private and a public key. This approach is popular in e-commerce applications for transmission security and for database storage of payment data such as credit card numbers (Hoffer et al. 2007).

8.2.6 RAID (Redundant Array of Independent Disks)

The DBMS should continue to operate even if one of its hardware components fails. This is especially important for real-time processing, where a one-second delay in result processing could degrade system performance or even cause monetary loss. Thus, the hardware on which the DBMS runs must be fault-tolerant, so that the DBMS continues operating and processing even when there is a hardware failure. The main hardware components that should be fault-tolerant are disk drives, disk controllers, CPUs, power supplies and cooling fans (Connolly and Begg 2005).

One way to achieve fault tolerance is to use a Redundant Array of Independent Disks (RAID), which works by having a large disk array consisting of an arrangement of several independent disks. These disks are organised to improve performance. Performance can be increased through data striping, where the data is segmented into equal-size partitions distributed across multiple disks. To the user it looks as though the data is stored on a single large disk, but in fact it is distributed across several smaller disks and processed in parallel (Connolly and Begg 2005).
